Departmental Security Framework Rutgers University Office of Information Technology


Departmental Security Framework

Rutgers University

Office of Information Technology

Presented By:

Bruce Rights

Systems Programmer / Administrator

Information Protection and Security

brights@rutgers.edu

Housekeeping
  • Hours
  • Bathrooms
  • Fire exits
  • Telephones
  • Recycling
  • Smoking
  • Contact information

IT Certificate Program – Departmental Security Framework

Departmental Security Framework
  • Welcome
  • Introduction

Agenda
  • Expectations and Objectives
  • Office of Information Technology Organization
  • Introduction to Security
  • Terms & Definitions
  • IPS Security Services
  • Other Services
  • Rutgers Policies and Procedures
  • Department Responsibilities
  • Conclusion

Expectations and Objectives
  • What would you like to get out of this?
  • What are your past experiences?
  • What has happened in the last month?

http://www.rci.rutgers.edu/~brights/it_cert_ips/bbc.mpeg

Office of Information Technology
  • http://www.rci.rutgers.edu/~brights/it_cert_ips/oit_org_chart.htm

Introduction to Security
  • Why is security important?
      • What do you want protected about yourself?
      • Is confidentiality possible in today’s electronic world?

More intro. to Security
  • What is the security threat at Rutgers?

Problems:

    • Limited internet handoff firewall
    • Limited firewall from ResNet
    • Limited firewall from Administrative functions
    • Lots of data stored locally
    • No historical security awareness
    • Limited local subnet firewalls
    • No authoritarian security directives
    • Routine pass-through of information, so the original data custodian does not know the full extent of data sharing
    • No data classification
    • No identification of what to keep confidential
    • No money for security

Even more intro. to Security
  • What protection is already here?

Solutions in place:

    • Universal managed anti-virus
    • Local patching repository
    • RUSecure web pages
      • (including cirt, infoprotect, netsecurity, nppi, ruscan)

Terms & Definitions
  • Authentication
  • Authorization
  • Best Practices
  • Critical Host
  • Data Custodian / Owner / User
  • Defense in Depth
  • Network Contact (NC)
  • Network Liaison (NL)

Rutgers Terms & Definitions
  • Microcomputer Support Services Group (MSSG)
  • Rutgers University Computing Services (RUCS) (prior name for OIT)
  • Administrative Computing Services (ACS) (prior name for ESO and ADDM)
  • http://ucstoolkit.rutgers.edu/general/acronyms.html

IPS Services
  • Security Awareness
  • Compliance
  • Training
  • Abuse Handling

IPS Services: Security Awareness
  • Webpages
    • http://rusecure.rutgers.edu
  • Online security survey:
    • https://webhost3.rutgers.edu/security_interview/

IPS Services: Security Awareness
  • Q&A webpage for Directors
    • http://rusecure.rutgers.edu/department/administration/it-security-questions-you-should-be-asking/
  • Mailing lists
    • https://email.rutgers.edu/mailman/listinfo/
      • (Security_Admins and Security_Alerts)

IPS Services: Compliance
  • http://rusecure.rutgers.edu/department/techstaff/compliance/
  • HIPAA, GLBA, SEVIS, FERPA, SOX, FACTA, PCI
  • NJ ID Theft Prevention Act
    • http://infoprotect.rutgers.edu/compl/njid.php

http://www.rci.rutgers.edu/~brights/it_cert_ips/0304_desk.jpg

http://www.rci.rutgers.edu/~brights/it_cert_ips/0304_desk_answer.jpg

IPS Services: Training
  • NBCS Education classes
    • Introduction to Security Awareness
    • ID Theft
    • http://edseries.rutgers.edu
  • Camden Education classes
    • http://edseries.camden.rutgers.edu
  • Newark Education series
    • http://www.ncs.rutgers.edu/helpdesk/edseries/index.htm
  • Other specialized/on demand

IPS Services: Abuse Handling
  • abuse@rutgers.edu
  • http://rusecure.rutgers.edu/department/techstaff/ih
  • RIAA, IFPI, MPAA, DMCA

Subject: DMCA Notice (Ref: RZZZZ)

28 June 2005 Ref: RZZZZ

Re: http://www.eden.rutgers.edu/~XXXXXXX/Music/

Dear Lance D Jordan,

I am contacting you on behalf of the International Federation of the Phonographic Industry (IFPI) and its member record companies.  The IFPI is a trade association whose member companies are some 1,450 major and independent record companies in the US and internationally who create, manufacture and distribute sound recordings. Under penalty of perjury, we submit that the IFPI is authorized to act on behalf of its member companies in matters involving the infringement of their sound recordings, including enforcing their copyrights and common law rights on the Internet.

We have learned that your service is hosting infringing files on its network (see above-referenced directory).  These files contain sound recordings by the artists known as Basement Jaxx, Jackson 5, Gorillaz and Kiss.  These sound recordings are owned by some of our member companies and have not been authorized for this kind of use.  We have a good faith belief that the above-described activity is not authorized by the copyright owner, its agent, or the law.  We assert that the information in this notification is accurate, based upon the data available to us.

We are asking for your immediate assistance in stopping this unauthorized activity.  Specifically, we request that you remove the infringing files from your system or that you disable access to the infringing files.  In addition, please inform the site operator of the illegality of his or her conduct.

You should understand that this letter constitutes notice to you that this site operator may be liable for the infringing activity occurring on your service. In addition, under the Digital Millennium Copyright Act, if you ignore this notice, you and/or your company may also be liable for any resulting infringement. This letter does not constitute a waiver of any right to recover damages incurred by virtue of any such unauthorized activities, and such rights as well as claims for other relief are expressly retained.

You may contact me at IFPI Secretariat, 54 Regent Street, London W1B 5RE, United Kingdom or email Notices@ifpi.org, to discuss this notice.  We await your response.

Other OIT Services
  • LAN Support Services:
    • http://lss.rutgers.edu/
  • ACLs on Switches
    • http://www.td.rutgers.edu/documentation/Policies/Switch_Access_Guideline.pdf
  • Web On-Line Payment
    • http://ua.rutgers.edu/unrestricted/CurrUnrestricted.php

Other OIT Services, pt 2.
  • Safeword
    • http://rusecure.rutgers.edu/services/authentication-token-cards/safeword/
  • SecurID
    • http://rusecure.rutgers.edu/services/authentication-token-cards/securid-authentication/

http://www.rci.rutgers.edu/~brights/it_cert_ips/password.gif

Services outside of OIT
  • ID Theft 911
    • http://uhr.rutgers.edu/ben/AddBenIdentityTheft.htm
    • http://www.identitytheft911-sunj.com/home.htm
  • Credit Cards
    • http://www.rci.rutgers.edu/~univcont/creditsecurity/index.htm

Services outside of OIT (2)
  • Information Protection Evaluation Team (IPET)
    • http://policies.rutgers.edu/PDF/Section50/50.3.9-current.pdf
    • http://policies.rutgers.edu/PDF/Section50/50.3.9-IDTheftGuidelines-current.pdf
  • RUID instead of SSN
    • http://studentaffairs.rutgers.edu/ruid.html

Rutgers Policies
  • Rutgers Policies: http://policies.rutgers.edu/

    • Data destruction/disposal
      • http://policies.rutgers.edu/PDF/Section20/20.1.12-current.pdf
    • Copyright
      • http://policies.rutgers.edu/PDF/Section50/50.3.7-current.pdf
    • Computer policies (All are under review)
      • http://policies.rutgers.edu/contents70.shtml

Rutgers Procedures, etc
  • Confidentiality
    • http://ruweb.rutgers.edu/oldqueens/employ.pdf
  • Proper Use
    • http://ruweb.rutgers.edu/oldqueens/properuse.pdf
  • Acceptable Use Policy (AUP)
    • http://oit.rutgers.edu/acceptable-use.html
  • Wireless
    • http://wireless.rutgers.edu/policy.php
    • http://oit.rutgers.edu/wireless-policy.html

Rutgers Procedures (cont.)
  • (computer security)
    • http://rusecure.rutgers.edu/draft-policies-and-standards/draft-information-security-classification-policy/
    • http://rusecure.rutgers.edu/draft-policies-and-standards/draft-minimum-security-standards-for-networked-devices/

Department Responsibilities
  • Policies and procedures
  • Security planning
  • Secure operations

http://www.rci.rutgers.edu/~brights/it_cert_ips/balance.jpg

Department Policies and Procedures
  • What are your departmental policies?
  • What are your departmental procedures?
  • What are your computer policies and procedures?

http://www.rci.rutgers.edu/~brights/it_cert_ips/to_catch_a_thief.mp3

Department Security Planning
  • Security planning
    • http://rusecure.rutgers.edu/department/administration/developing-an-it-security-plan/
  • Baseline security
    • http://oit.rutgers.edu/security-9-23-2003.html
  • Advanced security
    • http://rusecure.rutgers.edu/draft-policies-and-standards/draft-minimum-security-standards-for-networked-devices/

Department Secure Operations
  • Incident handling
    • Abuse@rutgers.edu
  • Incident detection and handling
    • http://rusecure.rutgers.edu/department/techstaff/ih

Questions
  • What questions do you have that I did not answer?
  • What does the future hold?

Thank you for coming
  • This course is a component of the IT Certificate Program, a collaborative effort of the Office of Information Technology, University Human Resources, and the Internal Audit Department

Information Protection & Security (A Division of the Office of Information Technology [OIT])
  • ASB Annex 1, Room 102, Busch campus
  • 56 Bevier Road, Piscataway, NJ 08854
  • phone: (732) 445-8011
  • fax: (732) 445-8023
  • rusecure@rutgers.edu
